Embedded IoT Linux for Red-Blue Teams
 
This course offers an in-depth exploration of Embedded/IoT firmware, starting from fundamental concepts and progressing to advanced topics such as system compromise. Participants will gain insights into the multistage boot process, kernel, root filesystem, and custom toolchain usage, focusing on ARM architecture boards with the latest 4.15.x kernel.

Key topics covered in this course include:

- Understanding Embedded/IoT device architecture basics
- Exploring the Boot Process and Multi-stage Bootloaders
- Creating custom toolchains with cross-tool-NG
- Deep diving into U-boot build and booting a device manually with U-boot
- Kernel and Device Tree fundamentals, along with custom Kernel and Device Tree builds
- Building the runtime C library (uClibc) and constructing the root filesystem using BusyBox
- Debugging the system over UART
- Exploring Kernel mode rootkits and understanding their implications on Embedded/IoT devices
- Recognizing system constraints and addressing challenges specific to Embedded/IoT environments
- Investigating Kernel mode rootkits on IoT/Embedded devices, including Syscall monitoring and hijacking, Process manipulation, Network stacking hooking with Netfilter, Kernel mode Network backdoor with Command & Control (C&C), and other related topics.